Input String was not in correct format in asp.net - asp.net

We've been facing an issue while saving our page. It throws "Input String was not in correct format". After trying so many times, we found there was no problem with the code, but with the cache ("Temporary Internet Files"). After the cache was cleared, it saved without any error. Does anyone know the reason behind it?

That sounds like the sort of error that you get from a bad parse, say Int32.Parse("foo") where you were expecting "foo" to be something like "123". I am not sure why this would be affected by the cache.
My recommendation would be to look at the method where the exception occurs and see if it attempts to parse a string. If you expect that the string might not be in the correct format (say, it's a string entered by the user), you can replace
int i = Int32.Parse(myString);
with
int i;
if (Int32.TryParse(myString, out i))
Then you can handle the case of bad input in the else.
If however you expect the string should always be in the correct format (in other words, this is truly "exceptional" behavior), then I would leave it as a Parse and add a catch (FormatException ex), and within the catch log the string that caused the exception. This should hopefully help you in tracking down the underlying cause of the problem.
Or if the problem has never reoccurred since you cleared the cache back in October of '09, just chalk it up to cosmic rays and move on I guess. ;)

Related

C# Save Date on event, tell me how many days it has been

So I have been working on this for quite a while. I want to basically have something on my form2 save a datetime in Settings.Default["Day Recieved"]; on an event (button click), and I want it to tell me how many days it has been in a textbox in form1. I have tried several approaches, but I can't seem to assign it properly, as when I try I get a message saying that I can't convert it, even if I convert it to a datetime type. I made a whole class trying to get it to work properly; one time I had too much converting going on or something and the string passed to the textbox was "TestApp.Settings+GetDate". I think that I just can't figure out how to do it the right way. I have plenty more ideas to try to get it to work, but I think they're very bad ways, at least in practice. How should one do this properly without making a fool of themselves?
(I am aware I made this kinda hard to read, all I can think about is code right now and clear sentences escape my thought, since I've been on this for about 8 hours, so please go easy on me, I am a nice guy :D)
I have found out how to do it. Indeed I was overcomplicating it and have learned my lesson.
Form2:
string when = System.DateTime.UtcNow.Date.AddDays(30).ToString();
Form1.passwhen = when;
Back on form one, declare the global string for passwhen and then do:
textBox.Text = passwhen;
Settings.Default["Day"] = textBox10;
Settings.Default.Save();
I still need to clean it up and make it load the saved setting on load, but this is simple and worked just fine. I was confused because once I saved the datetime in settings, VS was saying that System.DateTime and DateTime were two different types and that I couldn't explicitly convert it.

ashx - get all the possible items of QueryString

Looking at this
http://www.dotnetperls.com/ashx
I might have bits of code like this:
string file = context.Request.QueryString["file"];
if (file == "logo")
{
    r.WriteFile("Logo1.png");
}
else
{
    r.WriteFile("Flower1.png");
}
That should allow me to see different things depending on URL that I enter in a browser, for example:
http://www.dotnetperls.com/?file=logo
http://www.dotnetperls.com/?file=sth_else_eg_flower
The problem I am facing now is how, knowing just http://www.dotnetperls.com/?file can I read what all the assumed options of the file variable are? In this case it would be "logo" and anything else.
What I have in reality is http://www.somewebstie.com/somefile.ashx?somevariable=. I can Google up the string to get a few results (i.e. http://www.somewebstie.com/somefile.ashx?somevariable=abcde or http://www.somewebstie.com/somefile.ashx?somevariable=xyz) thus I know it exists and is somehow searchable. I just would like to know all the other "abcde" and "xyz". If I try just http://www.somewebstie.com/somefile.ashx I get a single-line error saying that I am giving a wrong variable and I cannot see anything important in the source of the site.
What might be important here - I have zero knowledge about web technologies.
You can't get this information. It's all hidden in the code implementation. There is no published format (by default) that will show you all of the available options the code is looking for.

Trim exception message

I'm trying to trim an exception message with the below code:
Response.Redirect("IllegalCharactersError.aspx?error=");
string message = ex.Message;
string cleanMessage = message.Substring(message.IndexOf("=") + 1);
Session.Add("IllegalCharactersError", cleanMessage.Replace("\\", ""));
Here is a sample of the string:
A potentially dangerous Request.Form value was detected from the client
(ctl00$Main$EmployerRegistrationCtrl$CompanyDetails$CompanyTradingAs="'<'My Company Trading").
I only want to display '<'My Company Trading but my label is displaying \"'<'My Company Trading\"). with backslashes, so it's not displaying and I can't seem to remove them. Any ideas how to achieve this?
Thanks
Darren
You should use HttpUtility.HtmlEncode:
lbl.Text = HttpUtility.HtmlEncode(value);
Use HttpUtility.HtmlDecode to read the Text of the label later:
string value = HttpUtility.HtmlDecode(lbl.Text);
If you want to transfer the error-message via URL, you need HttpUtility.UrlEncode and later HttpUtility.UrlDecode.
But I'm not sure where you are getting the backslashes from. The original error message has none; are you masking it somewhere?
For the sake of completeness, here you can find information on how to prevent the "dangerous Request.Form value" error: A potentially dangerous Request.Form value was detected from the client
Did you make the IllegalCharactersException (or however it is called in your example) yourself? If you did, you should add some useful properties to it:
ex.OffendingValue
ex.Field
These properties should be filled when the exception is thrown.
That saves you from parsing the string at all.
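An added example, not part of the original answers: a sketch of the exception-with-properties approach suggested above, with the rejected value encoded for each context it passes through. The class name IllegalCharactersException, the `field` query parameter and the helper names are hypothetical.

```csharp
using System;
using System.Web; // HttpUtility; on .NET Framework add a reference to System.Web

// Hypothetical exception type: carries the field name and the rejected value
// as properties so nothing has to be parsed out of Message.
public sealed class IllegalCharactersException : Exception
{
    public string Field { get; }
    public string OffendingValue { get; }

    public IllegalCharactersException(string field, string offendingValue)
        : base("Illegal characters in field '" + field + "'.")
    {
        Field = field;
        OffendingValue = offendingValue;
    }
}

public static class ErrorDisplay
{
    // Query-string context: UrlEncode so '<', quotes and spaces survive the redirect.
    // The "field" parameter is an assumption; the page only shows "error=".
    public static string BuildRedirectUrl(IllegalCharactersException ex)
    {
        return "IllegalCharactersError.aspx?field=" + HttpUtility.UrlEncode(ex.Field)
             + "&error=" + HttpUtility.UrlEncode(ex.OffendingValue);
    }

    // HTML context: HtmlEncode so the browser renders the markup as text
    // instead of interpreting it.
    public static string ForLabel(string offendingValue)
    {
        return HttpUtility.HtmlEncode(offendingValue);
    }

    public static void Main()
    {
        // Constructed sample, using the field and value quoted in the question.
        var ex = new IllegalCharactersException(
            "ctl00$Main$EmployerRegistrationCtrl$CompanyDetails$CompanyTradingAs",
            "'<'My Company Trading");

        Console.WriteLine(BuildRedirectUrl(ex));
        Console.WriteLine(ForLabel(ex.OffendingValue));
    }
}
```

The error page should apply HtmlEncode to whatever it reads back from the query string or session before assigning it to the label, since that value originated with the client.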

ASPX URL is broken & Streaming WebService

I'm attempting to create a streaming webservice; unfortunately I even lack its concept overall. My idea is to have a method which will return to me a string with the value of the URL to the streaming page.
I've tried many different ways to do this, but none of them worked; I tried using DownloadString, even writing the raw URL, but I always had errors so I found one way to just make it happen:
[WebMethod]
public string WatchMedia(string title)
{
    Global.Media = title;
    Streaming str = new Streaming(); //Streaming.aspx
    return str.GetURL();
}
Okay so, in my aspx.cs I included this:
internal string GetURL()
{
    return HttpContext.Current.Request.Url.AbsoluteUri.ToString();
}
Don't really ask me about the 'internal', I'm so tired of trying different ways to get this to work that I just go along with what VS builds for me.
That does give me the URL I thought I wanted, BUT, it doesn't work, why? Because it says, give or take (directly translated):
The request format is not recognized for the unexpectedly terminated URL in /WatchMedia
WatchMedia is the name of my method as seen above.
Now, besides hoping someone can give me a straight answer as to what ridiculous sin I am hurting myself with here, I'd like to know if this is the way for a streaming webservice to work? I can't seem to find any real information about video streaming webservices over the www, not even Google will tell me!
If you ever have the same problem, just forget creating an object of the aspx page, and get the URL raw, by running the page and copying it, then all you have to do is change the localhost Port, which you can get from HttpContext.

CAT.NET: vulnerability or false positive?

2nd in an occasional series:
Here's the first one
Is CAT.NET correct that the following is a genuine vulnerability in ASP.NET or is it a false positive?
var myInt = Int32.Parse(txtUserInput.Text);
Response.Redirect(string.Format("myPage.aspx?myId={0}", myInt));
CAT.NET is reporting this as a redirect vulnerability needing remediation via encoding myInt.
I wouldn't call that dangerous but it's not how I would write it myself
int myInt;
if (Int32.TryParse(txtUserInput.Text, out myInt))
{
    Response.Redirect(string.Format("myPage.aspx?myId={0}", myInt));
}
Is to my mind cleaner as it won't throw an exception if the parse fails due to bad user input and we are explicitly typing the int.
Any error handling code can be bundled into an else statement on the end.
I don't believe so, it could cause an exception so TryParse might be a better approach. It's just yelling because you are taking user input and redirecting based on it. It's possibly being a little too aggressive which isn't exactly bad.
There is no exploitable vulnerability as a result of this code. Any vulnerability would be a result of what myPage.aspx does with the value of myId, not how your url is built. Anyone could just as easily directly hit myPage.aspx with anything they want in the querystring.
However this is bad practice, assuming that you haven't left anything out of the code between those two lines. You should verify that txtUserInput.Text contains only numeric characters, and falls within allowable values.
Exploits happen because of improper parsing of user-supplied data by the page it's posted to -- not improper generating of URLs. While it's a good idea to try to make sure your web site won't write a broken URL because of something that's put in a form, input validation at the front-end is irrelevant to security. All that matters is what the code that accepts the input does with it, since any post or query string can be forged.
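An added example, not from the original posts: the check the last answers describe, placed where myPage.aspx would read myId, which also applies the TryParse advice from the first thread on this page. The bounds, the length cap and the names MyIdValidator, TryReadMyId and ForLog are assumptions for illustration.

```csharp
using System;
using System.Globalization;

public static class MyIdValidator
{
    // Assumed bounds for illustration; use the real range of valid ids.
    private const int MinId = 1;
    private const int MaxId = 1000000;

    // Validates the raw myId query-string value as the receiving page gets it.
    // NumberStyles.None accepts digits only: no sign and no surrounding
    // whitespace, both of which the default NumberStyles.Integer allows.
    public static bool TryReadMyId(string raw, out int id)
    {
        id = 0;
        if (string.IsNullOrEmpty(raw) || raw.Length > 10)
            return false;
        if (!int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id))
            return false;
        if (id < MinId || id > MaxId) { id = 0; return false; }
        return true;
    }

    // Makes a rejected value safe to write on a single log line:
    // clipped in length, with CR/LF escaped.
    public static string ForLog(string raw)
    {
        if (raw == null) return "<null>";
        var clipped = raw.Length > 64 ? raw.Substring(0, 64) : raw;
        return clipped.Replace("\r", "\\r").Replace("\n", "\\n");
    }

    public static void Main()
    {
        // Constructed inputs: one valid id and several forged query-string values.
        string[] samples = { "123", " 123", "+5", "0", "99999999999", "12abc", null };
        foreach (var raw in samples)
        {
            int id;
            if (TryReadMyId(raw, out id))
                Console.WriteLine("accepted myId=" + id);
            else
                Console.WriteLine("rejected myId=\"" + ForLog(raw) + "\"");
        }
    }
}
```

Because the same check runs on the receiving page, it holds whether the request came from the redirect or was typed directly into the address bar.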
